Protecting Your Business From Cybercrime During Work From Home Orders
The Coronavirus crisis has changed the world as we know it. With social distancing, lockdowns, and work from home becoming the “new normal,” cybercriminals are finding ways to exploit the situation by taking advantage of security vulnerabilities that didn’t previously exist. Many businesses are finding out the hard way that they were not prepared for a remote-first workforce and are going to have to work hard to correct those shortcomings.
One of the reasons for a sudden spike in cybercrime during work from home is that the work-from-home model is increasingly becoming the norm, while many organizations have not yet adopted the strategies necessary to protect their digital workspace. When you allow remote access to your data without adequate safeguards, you are needlessly exposing your I.T. systems to cyber criminals. It can be easy for malware and hackers to get into your system and corrupt it unless you have the right measures in place, which we will go into today.
Why does working from home increase cyber security risk? Well, take into consideration that most businesses pre-pandemic had all of their staff report to a centralized office, where they accessed the company’s files and software from designated computers. Now that they’re working from home those same businesses have exponentially increased their network complexity – people are working from home, many times on personally owned computers, behind residential grade firewalls, and with much lower oversight, control and maintenance. When you put all of this together you can see why cybercriminals are able to take advantage of these new cyber security loopholes…some of the key shortfalls are:
Lack of Cyber Security Knowledge within the staff
Most employees don’t realize how their simple actions or non-actions can permit a cyberattack that can bring your whole business down. One insecure network connection can open the entire network to attack, one malicious software package can introduce backdoors and ransomware into the environment, and one improperly sent email attachment can expose company data to the world. It is for this reason that every business should have a robust cyber security training program in place for all employees. This extends from I.T. critical personnel to employees who are simply accessing their emails from unsecured devices.
It is More Difficult to Oversee I.T. Operations
We mentioned earlier that the networks have become more complex – this is because most organizations now have multiple networks to manage, staff are often using unmanaged and unmonitored devices, and there is an uncertainty about the security posture across most networks. With teams working remotely, it is difficult for businesses to manage their I.T. effectively. Installation of security patches, anti-malware tools, data backups, etc., are all more difficult now that employees are using their home devices to access secure documents and data. Whenever possible your company should provide company owned and managed devices to all employees so that they can be appropriately monitored, managed, patched, secured, and supported.
What Can You Do to Ensure Your Business is Not a Victim of Cybercrime During Work From Home?
Does increased risk mean that the work-from-home model is not viable? Not at all! Many business leaders are contemplating a permanent work-from-home model even after the Coronavirus situation ends, as the benefits of the model are now clear to them—it offers plenty of flexibility, employee satisfaction and helps save on overhead costs.
You can still have a remote workforce while keeping your data safe. There are just a few things to consider before you move to a total digital migration for your WFH staff and equipment:
Update your computer use policies
You can start by ensuring you have acceptable use policies in place that define the extent and manner in which personal devices may be used for work purposes. Who is allowed to use personal devices for work? Or perhaps excluding that option completely. Once that is established, spell out the regulations they must follow and implement extra factors such as two-factor authentication on any service and site that supports it. Ensure all devices have the same commercial-grade antivirus, anti-ransomware, and other security solutions in place. Regularly checking for malware and updates to anti-malware software will be much more complicated if these items are not standardized than if all devices were networked under your company’s roof, but you should implement the process nonetheless.
If there are restrictions to the device type, software, or operating systems you may use due to security concerns, these should be addressed in your policies. We also recommend including information to remind users that company data is to be protected and that any information created, stored, or transmitted on company equipment and services remains the property of the organization.
Focus On the 2 Ts of Cybersecurity
Most Cybersecurity incidents start with one user. So it’s important to focus on them as your first layer of protection against these risks. With that in mind we recommend:
Train your Staff:
The first T is training your staff on identifying I.T. threats and cybercrime during work from home activities that they can be a victim of or unwittingly perpetuate. Examples include phishing emails, suspicious attachments, clone sites, etc.
Helping your staff identify potential security risks, recognizing the true cost of “free” software and services, and when they should ask for professional help is also very important knowledge for every member of your team to have.
Installing and pushing updates for antivirus software can only address some of the safety concerns. Clean online practices are required for everything else.
Teach Good Password Hygiene:
This is the second T. Help your employees understand how vital password strength is and what good password development looks like. They should be able to identify weak passwords and steer clear of them. Additionally, they need to know that password sharing is unacceptable, no matter how urgent the situation may seem. Similarly, mistakes such as repeating the password for multiple accounts or not changing the passwords frequently can make a cybercriminal’s job much easier.
The general recommendation today is that a longer password (20+ characters) is far more secure than a short, complex one. We also recommend that you and your staff should have a separate, unique password for each website or service they access. To help keep this all straight we recommend providing a password management tool that the company owns or subscribes to for all of your staff to use.
Keeping Things Under Control
Control practices are more proactive, as you can conduct monthly audits of the devices your employees will be using for work purposes. This will help mitigate any risks associated with cybercrime during work from home.
Arrange for regular security patch implementation, and software updates. Require the installation of quality anti-malware software, firewalls, and email security systems on all devices. Even in the remote environment, you can ensure appropriate data access through role- and permission-based access control measures.
With a firm I.T. policy that caters to the work-from-home environment, you can make this new everyday work for you and your remote team. However, it is essential to define the policies clearly and put them into practice.
All of this may seem new, time-consuming, and tedious—especially for businesses looking to recover from the effects of the ongoing pandemic. This apprehension is why it is a good idea to work with a managed services provider to help set up a robust, secure, work-from-home environment for your business.
Tier 3 I.T. Services help businesses design, implement, and train on hardware and human solutions that foster safe digital environments. We are happy to walk you through the steps necessary for success today and tomorrow when it comes to your digital workplace. Get in touch with us today to get started!